From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cotequeiroz@gmail.com>
Date: Sat, 27 Mar 2021 17:43:25 -0300
Subject: openssl.cnf: add engine configuration

This adds configuration options for engines, loading all cnf files under
/etc/ssl/engines.cnf.d/.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -52,10 +52,13 @@ tsa_policy3 = 1.2.3.4.5.7
 
 [openssl_init]
 providers = provider_sect
+engines = engines_sect
 
 # List of providers to load
 [provider_sect]
 default = default_sect
+.include /var/etc/ssl/providers.cnf
+
 # The fips section name should match the section name inside the
 # included fipsmodule.cnf.
 # fips = fips_sect
@@ -69,7 +72,13 @@ default = default_sect
 # OpenSSL may not work correctly which could lead to significant system
 # problems including inability to remotely access the system.
 [default_sect]
-# activate = 1
+activate = 1
+
+[engines_sect]
+.include /var/etc/ssl/engines.cnf
+
+.include /etc/ssl/modules.cnf.d
+
 
 
 ####################################################################
